
mhash_keygen_s2k() overwrote the limits of a statically allocated buffer

for long salts.  We truncate the salt now appropriately.

PR: #11817
Sascha Schumann
2001-07-01 11:20:56 +00:00
parent 1b0356e0f7
commit da3b899dd8


@@ -225,7 +225,7 @@ PHP_FUNCTION(mhash_keygen_s2k)
password = Z_STRVAL_PP(input_password);
password_len = Z_STRLEN_PP(input_password);
salt_len = Z_STRLEN_PP(input_salt);
salt_len = MIN(Z_STRLEN_PP(input_salt), SALT_SIZE);
if (salt_len > mhash_get_keygen_salt_size(KEYGEN_S2K_SALTED)) {
sprintf( error, "The specified salt [%d] is more bytes than the required by the algorithm [%d]\n", salt_len, mhash_get_keygen_salt_size(KEYGEN_S2K_SALTED));
@@ -233,8 +233,9 @@ PHP_FUNCTION(mhash_keygen_s2k)
php_error(E_WARNING, error);
}
memset( salt, 0, SALT_SIZE);
memcpy( salt, Z_STRVAL_PP(input_salt), salt_len);
memcpy(salt, Z_STRVAL_PP(input_salt), salt_len);
if (salt_len < SALT_SIZE)
memset(salt + salt_len, 0, SALT_SIZE - salt_len);
salt_len=SALT_SIZE;
/* if (salt_len==0) {
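Review bot: In the first hunk the new `salt_len = MIN(Z_STRLEN_PP(input_salt), SALT_SIZE);` clamps the length before it is compared with `mhash_get_keygen_salt_size(KEYGEN_S2K_SALTED)`, so if that size is SALT_SIZE or larger (its value is not visible here) the warning can no longer fire. An over-long salt would then be truncated with no diagnostic, and the caller would receive a key derived from a different salt than the one it passed. Compare the unclamped length instead, `if (Z_STRLEN_PP(input_salt) > mhash_get_keygen_salt_size(KEYGEN_S2K_SALTED)) {`, and keep the clamp for the copy. The `memcpy` bound in the second hunk also holds only if `salt` is declared with at least SALT_SIZE bytes; that declaration and the rest of PHP_FUNCTION(mhash_keygen_s2k) lie outside the hunks, so it is worth a comment next to the clamp stating that invariant.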